Home

Description

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges on the underlying operating system. An attacker can exploit this by crafting a request that injects shell commands to create output files in writable directories and then access their contents via the download endpoint. This flaw allows complete compromise of the device without authentication. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-15 | Updated 2026-05-15 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

Any version before 5.2.4.T1
affected

Credits

Omri Inbar finder

References

omriinbar.medium.com/...wea453e-vulnerabilities-7aa4a57d4dba technical-description exploit

fortiguard.fortinet.com/encyclopedia/ips/57323 third-party-advisory

www.samsung.com/...support/owners/product/400-series-wea453/ product

s4e.io/tools/samsung-wlan-ap-remote-code-execution third-party-advisory

www.vulncheck.com/...ung-wlan-ap-wea453e-unauthenticated-rce third-party-advisory

cve.org (CVE-2025-34068)

nvd.nist.gov (CVE-2025-34068)

Download JSON